<html>
<body>
<?php
if (isset($_REQUEST['x'])) {
    $x = $_REQUEST['x'];
    echo "<h1>Choose New photo from your PC</h1>";
    echo "<form action='Admin_A_photo.php?x=$x' method='post'
     enctype='multipart/form-data'>";

    echo "<label for='file'>New photo:</label>";
    echo "<input type='file' name='file1' id='file'><br>";
    echo "<input type='submit' name='submit' value='Submit'>";
    echo "</form>";
}
if (isset($_POST['submit'])) {
    require ("connection.php");
    $x = $_REQUEST['x'];
        if ($_FILES["file1"]["error"] > 0) {
        echo "Error: " . $_FILES["file1"]["error"] . "<br>";
    } else {
        $allowedExts = array(
            "jpg",
            "png",
            "gif",
            "jpeg",
            "pjpeg",
            "x-png",
            "Bmp");
    }

    $temp1 = explode(".", $_FILES["file1"]["name"]);
    $extension = end($temp1);
   
    if ((($_FILES["file1"]["type"] == "image/gif") || ($_FILES["file1"]["type"] ==
        "image/jpeg") || ($_FILES["file1"]["type"] == "image/jpg") || ($_FILES["file1"]["type"] ==
        "image/pjpeg") || ($_FILES["file1"]["type"] == "image/x-png") || ($_FILES["file1"]["type"] ==
        "image/png")) && ($_FILES["file1"]["size"] < 200000) && in_array($extension, $allowedExts)) {
        
         $path = "upload/". $_FILES["file1"]["name"];
          move_uploaded_file($_FILES["file1"]["tmp_name"], $path);
        
            } else { ?> <script>alert("You can't upload this file.\nOnly files with extensions [ jpg , png , gif , Bmp ] are allowed."); 
                          window.history.back(); </script> <?php }
          
        
        mysql_query("INSERT INTO `Magazine_photo` (`Mag_id`,`photo`) VALUES ('$x','$path')");
        header("Location: Admin_Magazine.php");
}
?>

</body>
</html>